The Problem



• There is a rising global concern over challenges presented in the application 
of new technologies to the design of increasingly complex systems. 

• Many problems have arisen that may not be solvable with current methods: 

- Costs in money and time of designing, testing, delivering, operating, and
maintaining new systems are accelerating at an unsustainable rate.

- Systems often do not perform as they were intended. 

- Problems for maintenance and operations. 

» When systems fail, often difficult or impractical to correct problems. 

» Complexity of designs increases probability of intermittent problems. 

• Much of the added complexity, which exacerbates this problem, comes from the
integration of information technology into mechanical systems: cyber-physical
systems.

• Problems are not unique to aerospace. 
Fixing System Engineering

• These challenges will not be solved by simply doing better what we
already know how to do ...

- Need to do things we currently do not know how to do. 

- Requires a transformation of engineering practice. 

• In 2010, former NASA administrator Michael D. Griffin posed the question,
“How do we fix System Engineering?” *

• His concern was that failures of important and complex systems continue to
occur even though everything thought to be necessary in the way of process
control was done throughout the design process.

• Mitigation of future failures is attempted by improving the current system 
engineering process. 

• Griffin concludes that the answer cannot lie in continuing to do more of the 
same thing while expecting a different outcome. 

• What is needed is a new perspective of design elegance. 



* Griffin, Michael, “How Do We Fix Systems Engineering?” 61st International Astronautical Congress. Prague, Czech Republic, September 27 - October 1, 2010. 
NASA’s Response to Griffin’s Challenge

Established NASA Consortium on System Engineering of Elegant Systems 

• Motivation: 

- System Engineering of Complex Systems is not well understood and is 
challenging 

» System Engineering can produce elegant solutions in some instances 

» System Engineering can produce embarrassing failures in some instances 

» Within NASA, System Engineering is frequently unable to maintain complex
system designs within budget, schedule, and performance constraints

- Successful practice in System Engineering is frequently based on the ability of 
the lead system engineer, rather than on the approach of system engineering in 
general 

- The rules and properties that govern complex systems are not well defined in 
order to define system elegance 

• 4 characteristics of system elegance proposed as: 

- System Effectiveness 

- System Efficiency 

- System Robustness 

- Minimizing Unintended Consequences 
Approach: Define System Engineering as an Engineering Discipline

• System Works 

- Understanding objectively what works in current system development (SLS) 

- Follow SLS to study full development phase (once in 40 year opportunity) 

- Distill the laws governing system engineering in complex systems by studying 
this approach through a combination of academic research with practicing 
system engineers 

- Document the laws governing complex system interactions identified in the 
research 

- Capture practical guidance from the research in a System Engineering 
Practitioner’s Guide 

• System Design 

- Apply the laws governing complex systems in an elegant manner in the next
major complex system development (Mars Transportation System)

- Apply and refine guidance in System Engineering Practitioner’s Guide 

• System Academy 

- Train new and practicing system engineers in the engineering basis of the 
discipline 

- Preliminary Academic Curriculum 

- Current work force training courses 



National Aeronautics and Space Administration 


Kennie H. Jones, Antifragile 2015 




Consortium 



• Research Process 

- Multi-disciplinary research group that spans systems engineering areas 

- Selected researchers who are product rather than process focused 

• List of Consortium Members 

- Schafer Corporation: Michael D. Griffin, Ph.D. 

- Air Force Research Laboratory - Wright Patterson, Multidisciplinary Science and Technology Center: 
Jose A. Camberos, Ph.D., Kirk L. Yerkes, Ph.D. 

- George Mason University: John S. Gero, Ph.D. 

- George Washington University: Zoe Szajnfarber, Ph.D. 

- Iowa State University: Christina L. Bloebaum, Ph.D., Michael C. Dorneich, Ph.D. 

- Massachusetts Institute of Technology: Maria C. Yang, Ph.D. 

- Missouri University of Science & Technology: David Riggins, Ph.D. 

- NASA Langley Research Center: Anna R. McGowan, Ph.D., Peter A. Parker, Ph.D. 

- Oregon State University: Irem Turner, Ph.D., Christopher Hoyle, Ph.D. 

- SpaceWorks Enterprises, Inc.: John Olds, Ph.D. 

- Stevens Institute of Technology: Khaldoun Khashanah 

- Texas A&M University: Richard Malak, Ph.D. 

- Tri-Vector Corporation: Joey Shelton, Ph.D., Robert S. Ryan 

- The University of Alabama in Huntsville: Phillip A. Farrington, Ph.D., Dawn R. Utley, Ph.D., Laird Burns, 
Ph.D., Paul Collopy, Ph.D., Bryan Mesmer, Ph.D., P. J. Benfield, Ph.D., Wes Colley, Ph.D. 

- The University of Arkansas: David C. Jensen, Ph.D. 

- The University of Colorado - Colorado Springs: Stephen B. Johnson, Ph.D. 

- The University of Dayton: John Doty, Ph.D. 

- The University of Texas, Arlington: Paul Componation, Ph.D. 

• Previous Consortium Members 

- Stevens Institute of Technology - Dinesh Verma 

- Spaceworks - John Olds (Cost Modeling Statistics) 

- Alabama A&M - Emeka Dunu (Supply Chain Management) 

- George Mason - John Gero (Agent Based Modeling) 

- Oregon State - Irem Turner (Electrical Power Grid Robustness) 

- Arkansas - David Jensen (Failure Categorization) 
Collaborations



• DoD System Engineering Research Council (SERC) 

- Stevens Institute of Technology participated in the NASA System Engineering Research 
Consortium Kick off meeting 

- Current Collaborations 

» Proposing a new SERC Core Area to address Elegant, Product Focused System Engineering 
» NASA can participate in system engineer sabbaticals at SERC participating universities (working 
with Training and Education Office) 

• Missile Defense Agency (MDA) 

- Application of Goal Function Tree to analyze missile defense system of systems problems 

• AFRL-WP 

- Multidisciplinary Science and Technology Center (MSTC) 

- System Exergy Assessment 

• NSF 

- e-Design Center 

» Industrial Member of the e-Design Center 

» Providing coordination with university participants and other industrial sponsors to access NASA 
related points of contact 

- Workshops 

» Organizing and Participating in Theory of Systems Engineering Workshop 

• International Partners 

- University of Cambridge: Operational Phase System Engineering 

- Technical University of Denmark (DTU): Risk Management 
System Engineering Postulates


1. System Engineering is product specific. 

2. There exists an optimal system engineering solution for a specific context. 

3. System complexity > optimal system complexity necessary to fulfill all 
system outputs. 

4. The System Engineering domain consists of subsystems and their 
interactions among themselves and with the system environment. 

5. The function of System Engineering is to integrate engineering disciplines in 
an elegant manner. 

6. System Engineering influences and is influenced by organizational structure 
and culture. 

7. System Engineering is constrained by budget, schedule, policy, and law. 
System Complexity


• Complexity: A measure of a system’s intricacy and comprehensibleness in 
interactions within itself and with its environment. 

• Properties: 

- Complex systems have a propensity to exhibit unexpected performance of 
intended function 

- Complex systems are aggregations of less complex systems 

- Complex systems exhibit properties not present in the individual subsystems but 
present in the integration of subsystems (emergent property) 

- Complex system interactions form networks within the system and with the 
system environments 

» Complex system interactions can be understood through control theory 

- Complex systems exhibit nonlinear responses to system stimuli 

» Complex systems are difficult to predict 

- Complex systems have local optimums 

» (Organizational Efficiency Determines ability to achieve local optimum) 

- Complex systems can be analyzed using two concepts: 

» laws (rules of interaction) 

» states (current state and prior history) 
System Complexity (cont.)

• Collecting heuristics and complex system relationship fragments to begin 
defining a set of complex system interactions 

- Focus is on practical system complexity 

» Finite solution space 

♦ Performance 

♦ Budget 

♦ Schedule 

» Engineered systems are intentional systems 

♦ Does not negate benefit of learning from natural systems 
» Unpredictable, but controllable (can be bounded) 

• Considering implications of the Cynefin Model 

- Is complexity a relative measure of understanding? 

» If you can understand it, is it then complicated? 

♦ Systems evolve from Chaotic to Complex to Complicated 

♦ Then Complicated systems are the systems of interest in Engineering 

• Looking at fragments cataloged by INCOSE System Sciences Working 
Group 
What is Antifragile?


A change in design philosophy to address many of these challenges is 
presented in Nassim Taleb’s book, Antifragile: Things That Gain from Disorder. 

• Current systems are designed to be fragile to some degree:

- Requirements for performance are specified and the system is designed 
to meet those requirements. 

- If the system is stressed beyond the design requirements, it will fail. 

- Current efforts are focused on how to design more resilient systems but 
the result is pre-determined systems that are less fragile. 

• The opposite of fragile is antifragile:

- A system becomes stronger when stressed.

- The best examples are found in biological systems, e.g., muscle becomes
stronger when stressed through activity and exercise.
Antifragile in System Engineering



• In design today, requirements are established and systems are designed to 
meet those requirements: the system is predetermined. If requirements are 
exceeded, the system fails: the system is fragile. 

• Failures in modern complex systems are often due to factors in the 
interactions of components with each other and their environment that are: 

- Undetermined 

- Underdetermined 

- Uncertain 

- Unknown 

- Unknowable 

- Unforeseen 

• For a system to be designed antifragile, it must be able to adapt to these 
factors. What is needed are new methods producing systems that can adapt 
functionality and performance to meet the unknown. 




What is a Cyber-Physical System? 



• Facilitates autonomous situational management: 

- Observes the environment (situational awareness) 

- Decides upon action (prescribed or cognitive) 

- Acts on the environment 


Feedback 
Cyber-Physical System Components

• Perception: 

- Collection, organization, identification, and interpretation of sensory information 
in order to represent and understand the environment: provide situation 
awareness. 

- SOA is a paradox: 

» Need more/better sensors for complete situational awareness. 

» Current sensor fusion inadequate for complete perception available from current 
sensors. 

• Assessment/Decision: Ranges along a continuum from 

- Prescribed automation: all behavior is predetermined and scripted. CPS simply 
follows directions. 

To: 

- Cognitive autonomy: CPS observes, remembers, learns, and adapts behavior to 
current environment. Exhibits behavior not predetermined, predicted, or even 
envisioned. 

• Action: SOA is backwards compared with animals: 

- SOA design begins with desired action: is predetermined, script is written to 
effect action, minimal sensing is performed to direct script execution. 

- Animals begin with a genetic predisposition, immediately begin comprehensive 
observation and assessment of environment, then learn and adapt behavior to 
accomplish needs/desires (think babies learning to climb stairs). 
Cyber-Physical Systems Enable Antifragile Design

• CPS is the best technology today to enable design of antifragile systems. 

• But this requires CPS that are more than prescribed automation, because
prescribed automation is fragile.

- Most work today in autonomous systems is prescribed automation. 

- Trust in prescribed automation is determined by evaluation of the 
prescription. 

- Does not account for unprescribed events: produces failure. 

• CPS must be designed to adapt to the unforeseen. This requires cognitive 
autonomy. 

- More work is required in methods for cognitive autonomy. 

- Trust must be developed: how do you trust a machine that can 
autonomously adapt its behavior beyond a prescription? 
Applying Antifragile Philosophy in Engineering



• Following are examples of ongoing research that adopts this philosophy: 


- This is not an exhaustive list but presents examples of how a change in design
philosophy can lead to antifragile systems.

- In these examples, systems are not designed for what is expected and
anticipated but to assess the environment in real time and adapt in response to
current events that need not be completely known at design.
Communal Sensor Network



• Noise abatement in aircraft engine nacelles is conventionally accomplished 
by massive numbers of Helmholtz resonators arranged behind the nacelle 
liner: 

- Are passive as they are of fixed and homogeneous impedance. 

- Impedance is selected as a tradeoff to achieve acceptable noise reduction 
throughout all periods of the flight regime (e.g., take-off, cruise, and landing), 
though realizing optimal reduction in none. 

• Problems in translating design into operational systems: 

- Designers use approximations. 

- Design is not perfectly implemented in manufacturing. 

- Properties can change during use. 

• Techniques have been developed to adjust the impedance of a resonator in
situ.

• It has been proven that heterogeneous liners can achieve better noise
attenuation than the optimal homogeneous liner.
Communal Sensor Network (cont.)

The question: how is the decision made to set impedances of each resonator to
achieve optimal noise attenuation throughout the flight regime?

• Conventional approach: 

- Predetermine best combination of impedances for all resonators under differing acoustic 
conditions. 

- Resonators centrally instructed to adjust impedance as conditions change (i.e., a table 
lookup). The table could be large but is discrete and finite and, thus, instructions would 
always be an approximation. 

• Alternate approach: have the resonators act as a community: 

- Assess acoustic conditions locally. 

- Share information with each other when necessary. 

- Make local adjustments in response to these conditions. 

- From a combination of local decisions and actions, impedances would be adjusted locally
to effect a globally optimal attenuation. It is not necessary to predetermine conditions: the
community would assess and respond to conditions as they change.
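
The two approaches above, contrasted in a small simulation. This is an added example, not code from the presentation: the impedance model, the as-built deviation, the residual sensor, and the set of resonators with failed sensors are all constructed assumptions standing in for real acoustics.

```python
import math

N = 12                   # resonators along the liner (constructed size)
FAILED_SENSORS = {4, 9}  # resonators that cannot sense locally (constructed)

def design_impedance(i, condition):
    """Design-time model: what the designers' approximation predicts as the
    best impedance for resonator i at a given flight condition."""
    return 1.0 + 0.5 * condition + 0.1 * condition * math.sin(0.7 * i)

def ideal_impedance(i, condition):
    """Toy ground truth: the design model plus an as-built deviation
    (manufacturing, wear) that nobody knew at design time."""
    return design_impedance(i, condition) + 0.05 * math.cos(1.3 * i)

def cost(z, condition):
    """Mean squared impedance mismatch, a proxy for residual noise."""
    return sum((z[i] - ideal_impedance(i, condition)) ** 2
               for i in range(N)) / N

def table_lookup(condition, grid=(0.0, 0.5, 1.0)):
    """Conventional approach: a central controller picks the nearest
    precomputed table row and instructs every resonator."""
    nearest = min(grid, key=lambda g: abs(g - condition))
    return [design_impedance(i, nearest) for i in range(N)]

def community(condition, steps=30, gain=0.5):
    """Alternate approach: each resonator corrects itself from its own
    measured residual; one without a working sensor borrows the residuals
    its neighbours share. No table and no knowledge of the condition."""
    z = [1.0] * N
    for _ in range(steps):
        # Local assessment: only resonators with a working sensor can measure.
        residual = {i: z[i] - ideal_impedance(i, condition)
                    for i in range(N) if i not in FAILED_SENSORS}
        for i in range(N):
            if i in residual:
                z[i] -= gain * residual[i]          # local adjustment
            else:
                shared = [residual[j] for j in (i - 1, i + 1) if j in residual]
                if shared:                          # share when necessary
                    z[i] -= gain * sum(shared) / len(shared)
    return z

if __name__ == "__main__":
    c = 0.3  # an off-grid condition that the table never anticipated
    print("table lookup cost:", cost(table_lookup(c), c))
    print("community cost:   ", cost(community(c), c))
```

In this toy model the table's error comes from two sources the slides name, discretization and imperfect implementation of the design, while the community's remaining error is confined to the resonators that had to rely on shared information.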
Morphing Wing



• The shape of conventional wings on aircraft is fixed with small variability in 
foil shape through control surfaces. 

• Aircraft design is a tradeoff between stability (needed for safety) and 
instability (needed for agility). 

- The more stable the aircraft, the safer it is but the less agile it is. 

- Fighter and acrobatic aircraft are less stable but more maneuverable than 
passenger liners. 

- Stability of aircraft is fixed at design, except for small variability of control 
surfaces. 

• Conventional design uses modeling, simulation, analysis, and ground test
experimentation to optimize wing design for a few design points in anticipation
of expected conditions of flight for a specific mission.




Morphing Wing (cont.) 

• Improvements in multi-functional, smart materials and structures make
possible a morphing wing.



• Can improve ability to vary the characteristics of the wing in flight, providing 
greater flexibility and adaptability of shape, thus opting for increased stability 
or agility as needed. 


• A morphing wing, with its greater flexibility of shape could assess 
conditions in situ, respond to those conditions within its increased limits 
of flexibility, and adjust its characteristics appropriately. 


• This would not only lead to higher performance and efficiencies in flight but 
would also allow greater flexibility so that a single aircraft could easily be 
adapted for multiple missions. 
Learn To Fly



• NASA has developed a “Learn-to-Fly” concept: techniques to rapidly and 
autonomously develop vehicle characterization and control strategies during 
flight with minimum human interaction. 

- Early results have developed efficient and rapid flight test capabilities for 
estimating highly nonlinear models of airplane aerodynamics over a large flight 
envelope. 

- Used in conjunction with fuzzy-logic system identification algorithms, flight 
maneuvers result for flight conditions ranging from cruise to departure and spin 
conditions. 

• This philosophy differs from conventional methods for defining control laws: 

- Rather than specify all control strategies and vehicle characteristics in design, 
methods are being developed whereby these can be evolved, adapted, and 
optimized in flight. 
Learn To Fly (cont.)



The biomimetic approach is drawn from the way baby birds learn to fly: 


• While they are born with genetic capability and predisposition for flight, their 
early flights are erratic and inefficient. 


• From these experiences, better techniques are rapidly developed and 
adopted until the bird is able to fly efficiently with skill. 


• These techniques go beyond the initial determination of rules: they will be
continually used to adapt to new situations, resulting in improved flight.
Swarming



• A swarm is a collection of autonomous vehicles operating for a common 
purpose that are not centrally controlled. 

• Must self-organize and cooperate to complete a mission. 

• Is composed of large numbers of relatively inexpensive units that are 
expendable: 80% failure of individuals may still result in 100% mission 
success. 

• Swarms present great potential for applications such as exploration, direct 
sensing and surveillance, and disaster relief. 

• For maximum effectiveness, swarms cannot be preprogrammed for all actions
but must be programmed such that, as they self-organize and cooperate, they
learn from experience and their behavior is adapted to best complete the
mission.
System Health Management


Currently aerial vehicle systems health assessment and management is 
dependent on direct human decisions and action: 


• Limited information is provided to cockpit displays as input to humans for 
decision and action. 


• Much dependence is placed on periodic human inspection for fatiguing 
components or systems needing maintenance or replacement. 


• Scheduled end-of-life replacement is designed to replace components before 
failure but may result in premature replacement. 
System Health Management (cont.)

Integrated Vehicle Health Management (IVHM) was conceived to collect data
relevant to the condition and performance of the vehicle and automate its
transformation into information used to support operational decisions.

• Facilitated by development of inexpensive and small Size Weight And Power 
(SWAP) electromechanical sensors and communication technologies 
allowing pervasive distribution throughout the vehicle. 

• Enables continuous monitoring and real-time assessment of vehicle 
functional health. 

• Recent advances in information fusion and artificial intelligence facilitate 
autonomous decisions. 

• Beyond diagnosis, includes system prognosis for prediction of: 

- Remaining useful life of components 

- Recommendations on preventative maintenance 

- Fail-safe decisions on continued operation. 

• Maintenance operations are improved by reduced occurrences of 
unexpected faults and by early identification of failure precursors. 

• Condition-Based Maintenance (CBM) is enabled, enhancing mission 
reliability and safety and optimizing component lifetime. 
System Health Management (cont.)

• Ubiquitous sensing enables real-time diagnostics. 



• Machine intelligence enables prognostics that improve maintenance and 
mitigate system failure. 


• But increasing cognitive ability, adaptability, and autonomy of machines 
leads the way beyond identification and prevention of system failure to 
systems that can compensate for failure through system resource 
reallocation and adaptation towards systems that can adapt to unexpected 
environmental conditions. 
Self-healing Materials

• Aircraft structure is a tradeoff between strength and weight: 

- Structures must be strong enough to withstand consistently variable stresses yet
be of minimal weight.

- Due to uncertainty, the minimum level is exceeded and yet there is still failure.

- Exceeding strength to guarantee against failure would be impractical.

- Thus, structures are designed knowing that fatigue will eventually cause failure.

- Failure is determined largely by visual inspection. 

• Inspired by biological systems that self-heal after injury, research is now
ongoing into self-healing materials that can autonomously repair damage
without human intervention:

- Such materials could increase lifetime of mechanical systems reducing cost and 
demand for raw materials. 

- If determined early, damage is easier and cheaper to correct. 

- More importantly, these could improve safety of operations. 
Self-healing Materials (cont.)

But what if materials could do more than heal damage? 



• What if they could adapt for strength: borrow from areas of less stress to 
fortify areas under more stress? 


• What if materials could grow in strength in response to stress, similar to how 
muscles build strength? 


• Such a system would not be designed for resilience to expected stress but 
would instead be designed to adapt to undetermined stress as it is 
encountered. 
Conclusion



• Despite the fantastic advances made in technologies and systems, the 
engineering community is facing many unsolved problems. 

• Continuing conventional design methods of specifying requirements that 
produce systems to perform as expected in an anticipated environment may 
not solve these problems. 

• NASA has established the Consortium on System Engineering of Elegant 
Systems to develop new methods for design of much improved systems. 

• An enabler of elegant system design is a change in design philosophy that 
will produce antifragile systems: systems able to learn to perform in the face 
of the unexpected and improve performance beyond what was anticipated. 

• Several examples were shown of designing for antifragility. 